SSO with Cookies

 
Ranch Hand
Posts: 17424
Hi,

I have my main web application and also the jforum web app /jforum.

I have implemented my SSOCookie class that implements SSO.

The trouble I am having is that I can't get access to the username cookie that was set in the other web application from within this class.

My question is: how do I get around this? Do I deploy jforum differently, and if so, how? Or can I access this cookie from the other web app somehow?

Thanks for your help.

Paul
[originally posted on jforum.net by jonesp123]
 
Migrated From Jforum.net
I'm searching for the answer to the same question.
[originally posted on jforum.net by samlet]
 
Migrated From Jforum.net
Is this a problem with cookie visibility? E.g. is the cookie being set either on another host or with a specific URL that it applies to? This might cause the browser to not send the cookie to Jforum.

It might also be related to various browser-level security constraints. Many modern browsers don't allow for long-term cookies by default. Some even deny short-term session cookies if the security constraints aren't modified.

FWIW, the RequestContext object that gets passed to the SSO methods is really a "wrapped" HttpServletRequest object. So if you need more information about the Java context, you can just re-cast this and get access to all the methods. E.g.:

HttpServletRequest req = (HttpServletRequest) request;


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
I had trouble with SSO until I configured Tomcat for session sharing through the SSO Valve. After that, I could see the session cookies from the other application. I posted a reference to it in this issue:
https://coderanch.com/t/577843 #18006

I see that you are using CookieSSO, so I am not sure if this applies.

Diego
[originally posted on jforum.net by andune76]
 
Migrated From Jforum.net
... a mechanism that is 'better', in the sense that it can be widely used even if jforum and the other applications are not on the same server, is the SSO mechanism via URL request parameters. It is necessary, however, to include a 'cipher' mechanism to make sure that the parameters are 'encrypted' and that no one else can sneak in without permission.

Something that is hardly ever asked about, for instance, is:
You receive emails when a new post is made. This email holds a link that allows you to jump straight to the entry on the forum. Have you tried this yet? Normally it should reject the access as the user is not logged in.

For this I had to write some mechanism so that the spammer would write the URL of the surrounding application, with a hook_url parameter that holds the jforum data. This is the url that the user will be redirected to straight after successful login.
[originally posted on jforum.net by Sid]
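
One way to build the 'cipher' for URL-parameter SSO that the post above calls for, as an added example that is not code from this thread or from JForum: the main application seals the username and an expiry time with AES-GCM, and the forum side accepts the parameter only if it decrypts with an intact authentication tag and has not expired. The class name SsoToken, the token layout and the pre-shared key are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

/** Hypothetical helper (not part of JForum): seals "expiryMillis|username" with AES-GCM. */
public class SsoToken {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key; // 16, 24 or 32 random bytes shared by both applications

    public SsoToken(byte[] sharedKey) { this.key = new SecretKeySpec(sharedKey, "AES"); }

    /** Main application: build the value of the SSO request parameter. */
    public String issue(String username, long ttlMillis) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh nonce for every token, never reused with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        String plain = (System.currentTimeMillis() + ttlMillis) + "|" + username;
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8)); // ciphertext + tag
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    /** Forum side: returns the username, or null if the token is forged, altered or expired. */
    public String verify(String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            if (in.length < IV_LEN + TAG_BITS / 8) return null;
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            byte[] plain = c.doFinal(in, IV_LEN, in.length - IV_LEN); // throws on tag mismatch
            String[] parts = new String(plain, StandardCharsets.UTF_8).split("\\|", 2);
            return Long.parseLong(parts[0]) < System.currentTimeMillis() ? null : parts[1];
        } catch (GeneralSecurityException | RuntimeException e) {
            return null; // missing parameter, bad Base64, wrong key, or modified ciphertext
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        RNG.nextBytes(k); // constructed demo key; a deployment loads it from configuration
        SsoToken sso = new SsoToken(k);
        String t = sso.issue("alice", 60_000); // constructed sample user, 60 s lifetime
        System.out.println("valid:    " + sso.verify(t));
        String tampered = (t.charAt(0) == 'A' ? "B" : "A") + t.substring(1);
        System.out.println("tampered: " + sso.verify(tampered));
    }
}
```

A token carried in a URL can end up in browser history, proxy logs and Referer headers, and it stays valid until it expires, so keep the lifetime short and send it only over HTTPS.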
 